OpenSSL error when enabling SNI - error report.

jonn

Received an error when enabling enable_ssl_sni=1 in directadmin.conf.
Error occurred after restarting services to enable it.
Restart didn't enable SNI; it still forced the Owned IP notice for the Reseller with 'shared ip' in reseller-level & user-level.
Server has two IPs: one for the server under admin default with no extra domains hosted on user-level, and one IP assigned as 'shared ip' to a separate reseller account for shared hosting, with its default domain under its own user-level used when setting up the reseller.

This was the setup.
-Admin
-Server IP 00.00.00.00, also used for ns1.
-separate slaves.
-Hostname: 'server.xxxxxfqdnxxxxx.net'
-no hosted domains on this server ip 00.00.00.00.

-Create ResellerAdmin Account
-Assigned IP 'shared' 11.11.11.11
-reseller default domain 'xxxxxfqdnxxxxx.net' on its own user-level on setup of reseller.
-add test client hosted domain 'anotherxxxxfqdnxxxx.info' on reseller level.

-enable sni.


Might be a one time occurrence but worth reporting the error.

directadmin/error.log

Code:
2015:11:26-08:25:47: Unable to connect to secure socket: Some I/O error occurred.  The OpenSSL error queue may contain more information on the error.  If the error queue is empty (i.e. ERR_get_error() returns 0), ret can be used to find out more about the error: If ret == 0, an EOF was observed that violates the protocol.  If ret == -1, the underlying BIO reported an I/O error (for socket I/O on Unix systems, consult errno for details).
openssl error queue:
empty error queue.  ret=-1
errno: Connection timed out

SNI was enabled only after rebuilding Apache; this was 1 hour in, after everything else was tried first (rewriting configs, stuff like that). It might perhaps have something to do with recompiling php-fpm with imap-php support, or it could be a bug.

Tested a self-signed certificate on reseller user-level with assigned IP status 'shared' and self-sign works; will test a wildcard SSL certificate next week to make sure this was just a one-off error.

Thanks...
 
Update.

Multidomain SSL with multiple SANs installed fine, tested, seems OK. I'm assuming it might have just been a warning with a fresh install with no certs configured and nothing more; all needed ports with TLS/SSL running and no further warnings. Server running tick-tock like a clock. Cheers.
 